"CVE-2021-3281: Potential directory-traversal via archive.extract() The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments." Fixed in: 3.1.6, 3.0.12, and 2.2.18
amd64 arm arm64 x86 (ALLARCHES) done all arches done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70cd8f0b94f8277ce84ea0502ce83a243d6167c9 commit 70cd8f0b94f8277ce84ea0502ce83a243d6167c9 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-02-13 18:41:56 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-02-13 20:15:29 +0000 dev-python/django: Remove old Bug: https://bugs.gentoo.org/768240 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/django/Manifest | 8 -- dev-python/django/django-2.2.17.ebuild | 95 -------------------- dev-python/django/django-3.0.11.ebuild | 103 ---------------------- dev-python/django/django-3.1.4.ebuild | 95 -------------------- dev-python/django/django-3.1.5.ebuild | 95 -------------------- dev-python/django/files/django-gettext-0.21.patch | 39 -------- 6 files changed, 435 deletions(-)
GLSA request filed.
Package list is empty or all packages have requested keywords.